Skip to content

Commit

Permalink
Merge main
Browse files Browse the repository at this point in the history
  • Loading branch information
@majst01
majst01 committed Jan 31, 2024
2 parents 76f40cf + 10ffbc7 commit 8767c38
Show file tree
Hide file tree
Showing 5 changed files with 116 additions and 75 deletions.
88 changes: 71 additions & 17 deletions auditing/auditing-interceptor.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ import (
"github.com/metal-stack/security"
"go.uber.org/zap"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)

const (
Expand Down Expand Up @@ -48,20 +50,25 @@ func UnaryServerInterceptor(a Auditing, logger *zap.SugaredLogger, shouldAudit f
Path: info.FullMethod,
Phase: EntryPhaseRequest,
}

user := security.GetUserFromContext(ctx)
if user != nil {
auditReqContext.User = user.EMail
auditReqContext.User = user.Subject
auditReqContext.Tenant = user.Tenant
}

err = a.Index(auditReqContext)
if err != nil {
return nil, err
}

auditReqContext.prepareForNextPhase()
resp, err = handler(childCtx, req)

auditReqContext.Phase = EntryPhaseResponse
auditReqContext.Body = resp
auditReqContext.StatusCode = statusCodeFromGrpc(err)

if err != nil {
auditReqContext.Error = err
err2 := a.Index(auditReqContext)
Expand All @@ -70,6 +77,7 @@ func UnaryServerInterceptor(a Auditing, logger *zap.SugaredLogger, shouldAudit f
}
return nil, err
}

err = a.Index(auditReqContext)
return resp, err
}
Expand Down Expand Up @@ -106,15 +114,19 @@ func StreamServerInterceptor(a Auditing, logger *zap.SugaredLogger, shouldAudit

user := security.GetUserFromContext(ss.Context())
if user != nil {
auditReqContext.User = user.EMail
auditReqContext.User = user.Subject
auditReqContext.Tenant = user.Tenant
}

err := a.Index(auditReqContext)
if err != nil {
return err
}

auditReqContext.prepareForNextPhase()
err = handler(srv, childSS)
auditReqContext.StatusCode = statusCodeFromGrpc(err)

if err != nil {
auditReqContext.Error = err
err2 := a.Index(auditReqContext)
Expand All @@ -123,8 +135,10 @@ func StreamServerInterceptor(a Auditing, logger *zap.SugaredLogger, shouldAudit
}
return err
}

auditReqContext.Phase = EntryPhaseClosed
err = a.Index(auditReqContext)

return err
}
}
Expand Down Expand Up @@ -157,22 +171,29 @@ func (a auditingConnectInterceptor) WrapStreamingClient(next connect.StreamingCl
Phase: EntryPhaseOpened,
Type: EntryTypeGRPC,
}

user := security.GetUserFromContext(ctx)
if user != nil {
auditReqContext.User = user.EMail
auditReqContext.User = user.Subject
auditReqContext.Tenant = user.Tenant
}

err := a.auditing.Index(auditReqContext)
if err != nil {
a.logger.Errorf("unable to index error: %v", err)
}

auditReqContext.prepareForNextPhase()
scc := next(childCtx, s)

auditReqContext.Phase = EntryPhaseClosed
auditReqContext.StatusCode = statusCodeFromGrpc(err)

err = a.auditing.Index(auditReqContext)
if err != nil {
a.logger.Errorf("unable to index error: %v", err)
}

return scc
}
}
Expand All @@ -193,23 +214,34 @@ func (a auditingConnectInterceptor) WrapStreamingHandler(next connect.StreamingH
childCtx := context.WithValue(ctx, rest.RequestIDKey, requestID)

auditReqContext := Entry{
RequestId: requestID,
Detail: EntryDetailGRPCStream,
Path: shc.Spec().Procedure,
Phase: EntryPhaseOpened,
Type: EntryTypeGRPC,
RequestId: requestID,
Detail: EntryDetailGRPCStream,
Path: shc.Spec().Procedure,
Phase: EntryPhaseOpened,
Type: EntryTypeGRPC,
RemoteAddr: shc.RequestHeader().Get("X-Real-Ip"),
ForwardedFor: shc.RequestHeader().Get("X-Forwarded-For"),
}

if auditReqContext.RemoteAddr == "" {
auditReqContext.RemoteAddr = shc.Peer().Addr
}

user := security.GetUserFromContext(ctx)
if user != nil {
auditReqContext.User = user.EMail
auditReqContext.User = user.Subject
auditReqContext.Tenant = user.Tenant
}

err := a.auditing.Index(auditReqContext)
if err != nil {
a.logger.Errorf("unable to index error: %v", err)
}

auditReqContext.prepareForNextPhase()
err = next(childCtx, shc)
auditReqContext.StatusCode = statusCodeFromGrpc(err)

if err != nil {
auditReqContext.Error = err
err2 := a.auditing.Index(auditReqContext)
Expand All @@ -218,11 +250,13 @@ func (a auditingConnectInterceptor) WrapStreamingHandler(next connect.StreamingH
}
return err
}

auditReqContext.Phase = EntryPhaseClosed
err = a.auditing.Index(auditReqContext)
if err != nil {
a.logger.Errorf("unable to index error: %v", err)
}

return err
}
}
Expand All @@ -243,17 +277,23 @@ func (i auditingConnectInterceptor) WrapUnary(next connect.UnaryFunc) connect.Un
childCtx := context.WithValue(ctx, rest.RequestIDKey, requestID)

auditReqContext := Entry{
RequestId: requestID,
Detail: EntryDetailGRPCUnary,
Path: ar.Spec().Procedure,
Phase: EntryPhaseRequest,
Type: EntryTypeGRPC,
Body: ar.Any(),
RemoteAddr: ar.Peer().Addr,
RequestId: requestID,
Detail: EntryDetailGRPCUnary,
Path: ar.Spec().Procedure,
Phase: EntryPhaseRequest,
Type: EntryTypeGRPC,
Body: ar.Any(),
RemoteAddr: ar.Header().Get("X-Real-Ip"),
ForwardedFor: ar.Header().Get("X-Forwarded-For"),
}

if auditReqContext.RemoteAddr == "" {
auditReqContext.RemoteAddr = ar.Peer().Addr
}

user := security.GetUserFromContext(ctx)
if user != nil {
auditReqContext.User = user.EMail
auditReqContext.User = user.Subject
auditReqContext.Tenant = user.Tenant
}
err := i.auditing.Index(auditReqContext)
Expand All @@ -262,9 +302,13 @@ func (i auditingConnectInterceptor) WrapUnary(next connect.UnaryFunc) connect.Un
}

auditReqContext.prepareForNextPhase()

resp, err := next(childCtx, ar)

auditReqContext.Phase = EntryPhaseResponse
auditReqContext.Body = resp
auditReqContext.StatusCode = statusCodeFromGrpc(err)

if err != nil {
auditReqContext.Error = err
err2 := i.auditing.Index(auditReqContext)
Expand All @@ -273,6 +317,7 @@ func (i auditingConnectInterceptor) WrapUnary(next connect.UnaryFunc) connect.Un
}
return nil, err
}

err = i.auditing.Index(auditReqContext)
return resp, err
}
Expand Down Expand Up @@ -432,3 +477,12 @@ type grpcServerStreamWithContext struct {
func (s grpcServerStreamWithContext) Context() context.Context {
return s.ctx
}

func statusCodeFromGrpc(err error) int {
s, ok := status.FromError(err)
if !ok {
return int(codes.Unknown)
}

return int(s.Code())
}
2 changes: 1 addition & 1 deletion auditing/auditing.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ type Entry struct {
RemoteAddr string

Body any // JSON, string or numbers
StatusCode int // only for `EntryDetailHTTP`
StatusCode int // for `EntryDetailHTTP` the HTTP status code, for EntryDetailGRPC` the grpc status code

// Internal errors
Error error
Expand Down
31 changes: 15 additions & 16 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,14 @@ require (
github.com/go-jose/go-jose/v3 v3.0.1
github.com/go-openapi/strfmt v0.21.10
github.com/go-task/slim-sprig/v3 v3.0.0
github.com/goccy/go-yaml v1.11.2
github.com/goccy/go-yaml v1.11.3
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/google/go-cmp v0.6.0
github.com/google/uuid v1.5.0
github.com/google/uuid v1.6.0
github.com/icza/dyno v0.0.0-20230330125955-09f820a8d9c0
github.com/jszwec/csvutil v1.9.0
github.com/mattn/go-isatty v0.0.20
github.com/meilisearch/meilisearch-go v0.26.0
github.com/meilisearch/meilisearch-go v0.26.1
github.com/metal-stack/security v0.7.1
github.com/metal-stack/v v1.0.3
github.com/nsqio/go-nsq v1.1.0
Expand All @@ -32,9 +32,9 @@ require (
github.com/stretchr/testify v1.8.4
github.com/testcontainers/testcontainers-go v0.27.0
go.uber.org/zap v1.26.0
golang.org/x/oauth2 v0.15.0
golang.org/x/sync v0.5.0
google.golang.org/grpc v1.60.1
golang.org/x/oauth2 v0.16.0
golang.org/x/sync v0.6.0
google.golang.org/grpc v1.61.0
google.golang.org/protobuf v1.32.0
gopkg.in/inf.v0 v0.9.1
gopkg.in/yaml.v3 v3.0.1
Expand All @@ -43,8 +43,6 @@ require (
tailscale.com v1.54.0
)

require gopkg.in/yaml.v2 v2.4.0 // indirect

require (
dario.cat/mergo v1.0.0 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
Expand Down Expand Up @@ -122,7 +120,7 @@ require (
github.com/lestrrat-go/httpcc v1.0.1 // indirect
github.com/lestrrat-go/httprc v1.0.4 // indirect
github.com/lestrrat-go/iter v1.0.2 // indirect
github.com/lestrrat-go/jwx/v2 v2.0.18 // indirect
github.com/lestrrat-go/jwx/v2 v2.0.19 // indirect
github.com/lestrrat-go/option v1.0.1 // indirect
github.com/lufia/plan9stats v0.0.0-20231016141302-07b5767bb0ed // indirect
github.com/magiconair/properties v1.8.7 // indirect
Expand Down Expand Up @@ -187,22 +185,23 @@ require (
go.uber.org/goleak v1.3.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect
go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
golang.org/x/crypto v0.17.0
golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect
go4.org/netipx v0.0.0-20230824141953-6213f710f925 // indirect
golang.org/x/crypto v0.18.0
golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.19.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/term v0.15.0
golang.org/x/net v0.20.0 // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/term v0.16.0
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.16.1 // indirect
golang.org/x/tools v0.17.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gvisor.dev/gvisor v0.0.0-20230928000133-4fe30062272c // indirect
inet.af/peercred v0.0.0-20210906144145-0893ea02156a // indirect
nhooyr.io/websocket v1.8.10 // indirect
Expand Down
Loading

0 comments on commit 8767c38

Please sign in to comment.